This Privacy Policy explains GPT’s information handling practices including in relation to personal information collected by GPT. Where appropriate GPT will handle personal information relying on the related bodies corporate exemption and the employee records exemption in the Privacy Act.

By using any of GPT’s services or providing any services to GPT, you confirm that you have read and agree to the terms of this Privacy Policy. By accepting this Privacy Policy, you expressly consent to the collection, use, disclosure and handling of your personal information in accordance with this Privacy Policy. If you are an organisation, by accepting this Privacy Policy, you confirm that you have obtained the express consent from your personnel to the collection, use, disclosure and handling of their personal information in accordance with this Privacy Policy.

This Privacy Policy is incorporated into, and subject to, our Terms of Use, and is in addition to any other terms and conditions applicable to this website or any other services we provide. We will post any changes to this Privacy Policy on this website, so we encourage you to check this Privacy Policy from time to time.

What personal information is collected and why

Customers

What we collect

We collect information about individuals:

(a) who use our websites, mobile applications, social media and other online services (Online Services);

(c) who purchase gift cards or otherwise transact with us, participate in surveys or competitions and register for or use any of our services, including guest WIFI services, the hire of mobility aids and other equipment;

(d) who are involved in or witness an incident in our property;

(e) who use our car parks;

(f) to whom we provide other products or services from time to time.

The types of personal information we collect includes name, contact details including but not limited to phone numbers, email addresses, home address/ postcode, gender, identification information, payment details, registration and activity details relating to our Online Services (such as the date and time you accessed each page on our website; the fully qualified domain name from which you access our websites, or alternatively, your IP address; the URL of any webpage from which you accessed our websites; cookies which track your visits to our websites and the web browsers that you are using and the pages you accessed), Member Programs and other services, transaction details, interests and preferences, device details (including device identifiers, usage and location data), information submitted in forms, details of incidents involving you at our properties, enquiry/complaint details and records of communications and interactions.

GPT properties are under video and camera surveillance. When entering GPT properties the personal information and images of individuals may be collected by GPT.

We generally do not collect “sensitive information” as described in the Privacy Act. If we do, we will do so with the express consent of the individual and in accordance with the Privacy Act.

How we collect

We collect personal information from you and from other sources including publicly available information, your representatives, information service providers, service providers who collect personal information on our behalf, other GPT companies, and the parties with which we exchange information as described here.

Why

General

We collect, hold, use and disclose your personal information for purposes including to provide, administer, improve and personalise our services, process payments, identify you, communicate with you (including direct marketing and investor communications), conduct promotions, investigate and deal with unlawful activity and misconduct, respond to lawful information requests from courts, government agencies and lawyers, protect our lawful interests and deal with your enquiries and concerns.

If a third party acquires or wishes to acquire, or makes inquiries in relation to acquiring, an interest in GPT we may disclose personal information to that third party or its advisors.

Personal information we collect may also be used for purposes related to GPT’s research (including market research), planning, product and service development, security, testing, customer relationship management and records management.

To help us understand and serve you better, we may combine personal information we hold about you with personal and non-personal information from different sources. For example, we may obtain demographic data from an information service provider to tell us about the interests of people in your postcode and use it to help us predict which products and services might appeal to you. These sorts of activities may be conducted in connection with our Online Services and Member Programs as described further below.

We may collect information such as occupation, language, zip code, area code, unique device identifier, referrer URL, location, and the time zone where an a GPT product or service is used so that we can better understand customer behaviour and improve our products, services, and advertising.

We may collect information regarding customer activities on our website, social media, stores and from our other products and services. This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of our website, products, and services are of most interest. Aggregated data is considered non-personal information for the purposes of this Privacy Policy.

We may collect and store details of how you use our services, including search queries. This information may be used to improve the relevancy of results provided by our services. Except in limited instances to ensure quality of our services over the Internet, such information will not be associated with your IP address.

With your explicit consent, we may collect data about how you use your device and applications in order to help app developers improve their apps.

If we do combine non-personal information with personal information the combined information will be treated as personal information for as long as it remains combined.

Online Services

Users of our Online Services are not required to provide us with any personal information. However, we may not be able to provide the information or service a user requests – including access to, and use of, a Member Program – if the personal information which is indicated as mandatory is not provided.

We may also collect aggregated information which tells us about users of our Online Services but not the identity of those users, unless they register to join a Member Program (in which case, the identity of a user may become apparent). For example, we may collect information about the date, time and duration of visits and which pages or parts of those Online Services are most commonly accessed. We may also collect internet address domain names, the previous websites visited and the types of browser visitors are using. This information is used by us for internal research, statistical and website development purposes. It may also be used by us to provide users with offers, discounts, promotions, advertising, products, services and other content.

Our Online Services may use "cookies" and other technologies. A cookie is a small message in a text file, and the message is then sent back to the server each time the browser requests a page from the server.

Cookies may be used by us for a variety of purposes. For example, we may use cookies to recognise a browser which has previously accessed our Online Services and customise our Online Services according to previous preferences and behaviour. Cookies may also be used to manage security and store information about the type of browser being used. With most Internet browsers, users can erase cookies from their computer’s hard drive, block all cookies, or receive a warning before a cookie is stored. However, some parts of our Online Services may not function fully for users who disallow cookies.

Our Online Services may, from time to time, contain links to the websites and online services of other organisations which may be of interest to you. Those other organisations are responsible for their own privacy practices and you should check those websites and online services for their respective privacy policies.

Member Programs

If you join a Member Program, we may:

collect and process personal information such as your name, email and other contact details (including any information provided by filling in forms using our Online Services); and

collect data about your usage history on our Online Services and other websites operated by third parties which allow your device to be added to one or more interest categories (for example "women's shoes").

We use this data for the purpose of analysing usage of our Member Programs, improving our content and product offerings, customising our content, layout and services and providing you with offers, discounts, promotions, advertising and services which are targeted to your interests.

Our Online Services may include functionality that makes use of the hosting device's geographic position on approach and entry into a participating asset. This means that if you joined a relevant Member Program, and you use one of those Online Services, you may be located by us or our service providers and contractors by reference to the location of your device. We may use this functionality to locate and send you offers, discounts, promotions, advertising, products, services or other content on your device.

If you do not consent to us:

using data about your browsing activity to contact you and deliver offers, discounts, promotions, advertising or other content targeted to your interests; or

using data about your device location to provide you with location-based services available through a Member Program;

You are always free to delete your cookies and cease participation in the Member Program. In the case of (i), your device and browser may also give you options to turn off location services either generally or for particular apps or sites.

Tenants and prospective tenants

What we collect

GPT collects the following types of personal information from unincorporated tenants and guarantors during negotiations for, and during the term of, the lease/licence for premises, storage space, car park spaces and kiosks at GPT properties:

(a) Contact and insurance details;

(b) ABNs;

(c) Information as to tenants’ and guarantors’ financial standings and tenants’ business experience; and

(d) other assorted financial and trading information.

We collect personal information from you and from other sources including publicly available information, your representatives, information service providers, other GPT companies and the parties with which we exchange information as described here.

We may collect and share personal information about you (including vehicle number plates and surveillance footage) in order to:

A) operate the car park

B) manage operations at the Centre

C) provide you with services, features and functions related to your use of the car park; and

D) for purposes otherwise set out in our privacy policy.

By entering and remaining in the car park you consent to information about yourself (including images) being collected and to us disclosing your personal information to anyone (including the Manager, law enforcement bodies, persons involved in relevant legal or disciplinary actions and our service providers) to the extent that such disclosure is lawful under the Privacy Act (Cth).

Why

This information is required to evaluate whether a lease or licence should be granted to the tenant; to enable GPT to perform its obligations; to assist GPT to manage the relationship and to monitor the performance of the property. The information may also be made available to others in connection with any transactions involving the ownership or management of the property.

If a tenant provides GPT with direct debit or direct credit details, GPT may disclose those details to GPT’s bank to facilitate the provision of that service.

GPT properties are under video and camera surveillance. When entering GPT properties the personal information and images of individuals may be collected by GPT. This information may be used by GPT in connection with the management and security of the property.

Investors

GPT maintains securityholder registers through an external services provider, Link Market Services. GPT requires Link Market Services to comply with the Australian Privacy Principles and Privacy Act when performing these services. Personal information collected includes contact, bank account and security holding details and tax file numbers. This information is used to carry out registry functions such as payment of distributions, sending annual and half yearly reports, notices of meetings or newsletters and notifications to the Australian Tax Office. Our investors can find out more about how our registry handles their personal information on our behalf by contacting Link Market Services (contact details are at the end of this Policy). GPT also collects information about subscribers to our "GPT email alert service" in order to provide updates from The GPT Group as they are posted on the GPT website.

Employees and prospective employees

Prospective employees

If you apply for or we consider you for a position with us, we may also collect information about your qualifications, skills, experience, character and screening checks (including reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks).

We collect personal information from you and from other sources including publicly available information, your representatives, information service providers, other GPT companies and the parties with which we exchange information as described here. We may also collect information about you through our employee referral program where someone you know recommends you to us.

We collect, use and disclose your personal information to assess your application, conduct screening checks and consider and contact you about other positions.

We may exchange your personal information with academic institutions, recruiters, screening check providers, professional and trade associations, law enforcement agencies, referees and your current and previous employers.

Without your personal information we may not be able to progress considering you for positions with us.

Working with us

This section applies to our current and former employees and contractors in addition to the section regarding prospective employees above.

We may collect information relating to your current or former employment or engagement including information about your training, disciplining, resignation, termination, terms and conditions, emergency contact details, performance, conduct, use of our IT resources, payroll matters, union or professional/trade association membership, recreation, leave and taxation, banking or superannuation affairs. We are required or authorised to collect your personal information under various laws including the Fair Work Act, Superannuation Guarantee (Administration) Act and Taxation Administration Act.

We collect, use and disclose your personal information for purposes relating to your employment or engagement with us including engagement, training, disciplining, payroll, superannuation, health and safety, administration, insurance (including work cover) and staff management purposes. We may exchange your personal information with your representatives (including unions) and our service providers including providers of payroll, superannuation, banking, staff benefits, surveillance and training services. Without your personal information we may not be able to effectively manage your employment or engagement.

We may monitor and record your communications and interactions with us (including email, telephone and online) and operate audio and video surveillance devices in our premises for purposes including compliance auditing, maintenance, security, dispute resolution, training and where email abuse is suspected.

Service Providers

In the case of unincorporated entities, GPT collects the following personnel information:

(a) Contact and insurance details;

(b) ABNs; and

(c) Information as to financial standings and business experience.

We collect personal information from you and from other sources including publicly available information, your representatives, information service providers, other GPT companies and parties with which we exchange information as described in this Policy.

Incorporated entities may provide GPT with the contact details of their employees in order for both of us to perform our obligations under our agreements. If you are an incorporate entity, you confirm that you have obtained the express consent from your personnel to the collection, use, disclosure and handling of their personal information in accordance with this Privacy Policy.

The personal information we collect is required to enable us to perform our obligations under our agreements with you/the company you are employed by and to assist us to manage our relationship with you/the company you are employed by.

Exchange of Personal Information with Third Parties

We may share personal information within GPT and other companies owned or controlled by GPT.

We may exchange personal information with regulatory authorities including police where required or authorised by law or to assist in the prevention, detection and management of unlawful conduct.

Some of the parties with which we exchange personal information are located outside Australia in countries like Singapore, United States of America, Hong Kong and India. While these third parties will often be subject to privacy and confidentiality obligations, you acknowledge that:

(a) they may not always comply with those obligations or those obligations may differ from Australian privacy laws;

(b) you may not be able to seek redress under the Privacy Act; and

(c) the third party may be subject to foreign laws which might compel further disclosures of personal information (e.g. to government authorities).

Storage of Personal Information

We hold personal information in physical files, computer systems or in a database held by us and by service providers on our behalf. We regard the security of personal information as a priority and use a number of physical and electronic to protect it. Unfortunately, no data transmission over the Internet can be guaranteed as completely secure. So while we strive to protect such information, we cannot ensure or warrant the security of any information transmitted to us and individuals do so at their own risk.

A username and password may be essential for you to use some of our Online Services or parts of them. For your own protection, we require you to keep these details confidential and to change your password regularly (if applicable).

Security holder information is held by the registry in accordance with registry arrangements which require such information to be held securely.

Personal information is only retained for as long as it is necessary for the identified purposes, to the extent necessary for purposes reasonably related to those identified purposes (for example, resolving disputes) or as required by law.

Access, updating and further information

In most circumstances, you have a right to access any personal information which we collect and hold about you and to have it corrected if it is wrong. We may deny your request for access or correction in some circumstances, but if we do this, we will tell you why. Where we decide not to make a requested correction and you disagree, you may ask us to make a note of your requested correction with the information.

If you have registered your details for our Online Services or Member Programs, you may be able to access and update personal information on your profile, subject to any authentication and authorisation considerations, which exist to protect your security.

If you request, we will take reasonable steps to notify any third party to whom we have provided your personal information of the changes that have been made.

Privacy Officer

Please contact our Privacy Officer using the details set out below if you wish to:

ask any questions or provide feedback about this Privacy Policy or our approach to privacy;

make a request for access to or correction of any personal information that we may hold about you; or

make a complaint about the way in which we have handled your personal information.

We will try to address any privacy issues you may have. Any information that we provide in response may be limited to the extent permitted by any applicable law.

The Privacy Officer can be contacted using any of the following means: